Notification of Possible PHI Disclosure
Jun 06, 2025
NYC Health + Hospitals was notified on April 9, 2025, that one of its vendor’s subcontractor, Renkim, which provides electronic, print, and mail processing services, experienced a data security incident that affected the protected health information (PHI) of 5,728 NYC Health + Hospitals patients. The incident occurred on or around March 2, 2025, and was discovered by Renkim on March 3, 2025. Upon discovery, Renkim immediately isolated and took the impacted systems offline. Renkim also hired third-party experts to address this situation, investigate the unauthorized activity, and further secure our systems to protect your information. They also notified law enforcement.
The PHI affected included patients’ names, addresses, and the fact that they are a NYC Health + Hospitals patient. No financial information or other identifiers were disclosed. There is no evidence to suggest that the PHI has been misused in any manner.
Renkim has also provided information on their website regarding the incident. Affected patients are invited to visit the Renkim website at https://renkim.com/renkim-notice-of-data-security-incident/ or call Renkim toll free 1-866-461-3496, from 8:00 am to 8:00 pm (Eastern Time) Monday through Friday, with any questions or related concerns. They can also contact Renkim at privacyincident@renkim.com, and one of their representatives will assist you.
Consistent with federal regulatory requirements, NYC Health + Hospitals has notified the Office for Civil Rights (OCR), the federal oversight agency for unauthorized disclosures of PHI.
For more information, please contact pressoffice@nychhc.org.
